NERCOMP EVENT
Data Privacy


Data privacy is, of necessity, becoming a major focus in many institutions' information security programs. We will spend a day discussing various dimensions of data privacy, with examples provided where possible from successful programs. Among areas considered will be (1) the legal and regulatory framework for data privacy, (2) risk management and obtaining institutional buy-in, (3) eliminating, encrypting, or reducing access to confidential data, (4) awareness and training, and (5) controls and policy compliance issues related to data privacy. Specific regulations such as PCI-DSS, HIPAA, and 201 CFR 17.00 (M.G.L. 93H) will be touched upon as appropriate, tying the first area together with the rest.

Workshop Organizer/Host: David Escalante of Boston College and Chris Misra of University of Massachusetts Amherst

Date/Time:
Tuesday, May 19, 2009
9:15am - 3:00pm
Registration begins at 8:00am

Location:
Four Points Sheraton Hotel and Conference Center 1125 Boston Providence Turnpike
Norwood, MA

Special instructions:
Your fee includes unlimited am and pm break service and lunch.


Pricing:
NERCOMP Members: $124
Non-Members: $249

Additional Information

Event Schedule:
8:00am - 9:15am Registration and Coffee

Speakers for the Day:
David Escalante, Director of Computer Policy & Security, Boston College
Christopher Misra, Network Analyst, University of Massachusetts Amherst

9:15am – 10:30am Legal and Regulatory frameworks for data privacy

We will cover the laws and regulations that are current drivers for many of the sensitive data efforts on campuses. We will discuss the impacts of both federal and state laws on campus information security programs. We will also discuss how these frameworks can enable institutional buy-in.

10:30am – 10:45am Break

10:45am – 12:00pm Risk Management: Eliminating, Encrypting, and Reducing access to confidential data

Managing sensitive data is intrinsically tied to business processes. These business processes are generally the source of much of our sensitive data. Eliminating, encrypting, and reducing access to these data is one of the most effective ways to reduce some of the key risks. We will cover successes and challenges at our respective campuses.

12:00pm – 1:00pm Lunch (included)

1:00pm – 2:15pm Awareness, Training, Controls, and Policy Compliance

Effective information security programs require a broad array of elements. This session will cover efforts to raise awareness of the issues, creating and disseminating training materials, assorted technical controls, and how these map to policy compliance requirements. We will also review how current sensitive data concerns are aiding the maturity of information security programs.

2:15pm – 3:00pm Q&A

3:00pm End


Speaker:
David Escalante

David Escalante is the Director of Computer Policy & Security at Boston College, where he is responsible for all data security matters. David was nominated for the "Information Security Executive of the Year" award in 2005 and 2006, and has spoken on security topics at events such as the RSA Conference, Educause Security Professionals Conference, and the Campus Technology Conference.

Prior to Boston College, David was the Director of Professional Services, Americas, for Baltimore Technology, a PKI vendor, and the manager of the Network Consulting group at Bolt Beranek & Newman, where he consulted with a variety of Fortune 500 companies on network and security issues.


Speaker:
Christopher Misra

Christopher Misra is a Network Analyst with the University of Massachusetts Amherst, where he has worked for the past eight years. His responsibilities include network security management, incident handling, and network security architecture. Chris has been active with various regional and national information security organizations including the Internet2/EDUCAUSE Security Task Force and SALSA, serving on program committees, participating in working groups, and presenting at conferences. Chris chairs the SALSA-NetAuth working group investigating techniques for automating network policy enforcement. Chris has also taught courses on Network Security at UMass for several years.

Related Media Files:
http://64.3.162.168/media/data-privacySlides.pdf

Contact Information:
Lisa DiMauro
860-345-2081
ldimauro@nercomp.org

Hotel Information:
Rooms are available at the Sheraton Norwood, the conference location. To make reservations, contact the Sheraton Norwood at 781-769-7900 and request the "NERCOMP Room Block". The room block for May 18 will be released on April 20, 2009. Standard queen rooms are available for $150 per night.


NERCOMP reserves the right to use any photographs or other mechanical recordings taken at NERCOMP events in promotional materials.

No mechanical recordings of any kind may be used at NERCOMP events without the prior written consent of NERCOMP organizers and presenters.

The views and opinions expressed at NERCOMP events do not necessarily reflect those of NERCOMP, nor does NERCOMP make any representation regarding the information presented at NERCOMP events.

Please note that events are subject to change without notice. For updated information, please print an updated event schedule or check the NERCOMP web site.